Posts

Survey Says: Container Security Issues Continue to Befuddle Software Developers 

Container security incidents are becoming more common, with nearly one in four respondents to a new survey from BellSoft saying they have experienced a security incident. The survey concluded that questions about security practices remain unresolved. According to the survey by OpenJDK provider BellSoft, 62% of participating developers reported that human errors were the biggest contributors to container security mistakes. Among the key findings in the report, BellSoft wrote, are: Developers ranked shells (54%) and package managers (39%) as the most essential tools inside the base container. Package managers present a particularly critical security concern, as they expand the attack surface both directly and by enabling runtime installation of additional unnecessary components. Combined with other non-essential tools, this creates substantial vulnerability exposure in production environments. A more practical approach is using hardened minimal runtime images, paired with fulle...

January 2026: AI updates from the past month

Coder creates AI Maturity Self-Assessment and AI Maturity Curve

These new tools will enable software development teams to assess how effectively they have adopted AI. The assessment asks teams questions like how standardized their developer environment is, what their governance approach for AI is, how they handle risks like sensitive data exposure, and more. “As AI agents take on more responsibility inside engineering workflows, organizations need a clearer, more tangible way to understand maturity and governance readiness,” said Eric Paulsen, field CTO at Coder. “Without that baseline, it becomes difficult to scale agentic AI safely or predictably. Our self-assessment gives teams a concrete view of where they stand, so they can plan adoption intentionally, manage risk and scale with confidence.”

Anthropic makes tools within Claude interactive

Anthropic has announced that users will now be able to directly interact with certain tools within Claude. Claude already had the ability ...

m3ter launches m3sh Workflows to remove barriers to usage-based pricing

M3ter is attempting to make it easier for development teams to adopt usage-based pricing with the launch of m3sh Workflows, a new capability for automating processes between CRM and ERP systems. M3ter acts as an invisible infrastructure layer that provides usage data processing, complex rating, and automation of data flows between monetization systems, and m3sh Workflows gives additional control over how business processes are automated. It offers low- and no-code workflow automation capabilities, including visual workflow design with full API support. According to the company, m3sh Workflows supports advanced use cases such as loading and consolidating pricing and account data from multiple different CRMs, or automatically triggering the renewal of orders when conditions are met, like depleting a usage balance. “m3sh Workflows is key to our vision of automation, putting power in the hands of customers to build and manage automated workflows that connect their quote-to-cash system...

IaC platform formae adds multi-cloud support, Plugin SDK

Platform Engineering Labs announced that its open-source infrastructure-as-code (IaC) platform, formae, now has beta support for multiple cloud providers, including Google Cloud, Azure, Oracle Cloud, and OVHcloud. During this beta period, the core workflows function on these clouds, but not all resources are supported yet. The company said it will expand support based on the real usage it sees. “Public cloud support is table stakes for modern Infrastructure as Code, and mature ecosystems already exist around it. At the same time, cloud APIs are still complex in practice. Behavior differs across services, state transitions don’t always align, and correctness often depends on subtle provider-specific details. We consider it our responsibility to make the core cloud plugins reliable and predictable, so teams don’t have to rediscover the same edge cases over and over again,” the company wrote in a blog post. Additionally, the company added a Plugin SDK to enable users to extend formae...

Security lessons from AgentKit: Guardrails are not a get-out-of-risk-free card

OpenAI’s AgentKit marks a turning point in how developers build agentic AI workflows. By packaging everything, from visual workflow design to connector management and frontend integration, into a single environment, it removes many of the barriers that once made agent creation complex. That accessibility is also what makes it risky. Developers can now link powerful models to corporate data, third-party APIs, and production systems in just a few clicks. Guardrails have been introduced to keep things safe, but they are far from foolproof. For enterprises adopting agentic AI at scale, guardrails alone are not a security strategy; they’re the starting line.

What AgentKit Guardrails Actually Do

AgentKit includes four built-in guardrails: PII, hallucination, moderation, and jailbreak. Each is designed to intercept unsafe behavior before it reaches or leaves the model. PII Guardrail looks for personally identifiable information, names, SSNs, emails, etc., using pattern matching. Halluc...

Report: AI hallucinates 27% of upgrade recommendations for open source projects

Open-source adoption is being accelerated by AI and automation, but developers need to proceed with caution to ensure they’re not introducing extra risk into their software supply chain. Brian Fox, co-founder and CTO of Sonatype, explained that AI can accelerate good engineering, but it can also scale mistakes faster, especially if it doesn’t have real-world data to pull from. For example, if a model doesn’t know what versions exist or which ones have vulnerabilities, it predicts and fills in the blank, leading to upgrades to versions that don’t exist or recommendations that break builds. In its 2026 State of Software Supply Chain report, Sonatype analyzed over 1.2 million malicious packages, 1,700 vulnerability records, and 37,000 AI-driven upgrade recommendations. It found that AI models recommended over 10,000 non-existent versions, which is a 27.75% hallucination rate. “At scale, that’s not funny. It’s operational drag: wasted developer time, broken pipelines, and people losing...

The leadership principles behind high-performing AI engineering teams

Managing large AI teams today is less like running a traditional engineering organization and more like conducting an orchestra while the music is still being written. Leaders must balance speed, experimentation, risk, and coordination across disciplines that operate at very different tempos. Data scientists optimize for discovery, engineers for reliability and efficiency, security and legal teams for constraint, and leadership ultimately for outcomes. When AI teams are managed using the same structures and decision-making patterns as conventional software teams, friction shows up quickly. The leaders who succeed are those who intentionally redesign structure, alignment, and authority to reflect how AI systems are actually built, deployed, and evolved in practice. A critical starting point is clarity around what an AI system is optimizing for, along with the guardrails that prevent unintended tradeoffs. In practice, AI systems rarely behave uniformly. Performance often varies across u...

Apiiro’s Guardian Agent, Ai2’s Open Coding Agents, and more — Daily News Digest

Apiiro announces Guardian Agent

Guardian Agent rewrites developer prompts to make them more secure and ensure they meet current needs of the software architecture, runtime environments, organizational policies, and regulatory requirements. According to the company, because of AI, security debt is being added faster than it can be fixed, and asking developers to fix vulnerabilities after code is written is no longer sufficient. “The reality is clear: Detection will never scale at the speed of AI. Only prevention will,” the company wrote in a blog post.

Ai2 releases Open Coding Agents

Open Coding Agents are a family of open agents that utilize a training method that makes it easier for developers to build their own coding agent trained on their internal codebases. The first release is SERA (Soft-verified Efficient Repository Agent), which uses a fine-tuning method that can be specialized to any codebase. The company is also releasing SERA’s training data to help researchers study w...

OpenSilver 3.3: Blazor Components Now Run Directly Inside XAML Applications

Userware today released OpenSilver 3.3, introducing native integration between XAML and Blazor. Developers can now embed Blazor components from libraries like DevExpress, Syncfusion, MudBlazor, Radzen, and Blazorise directly inside XAML applications, with no JavaScript bridges or performance overhead. OpenSilver is an open-source framework that runs WPF-style C# and XAML applications in web browsers via WebAssembly. It supports deployment to iOS, Android, Windows, macOS, and Linux through .NET MAUI Hybrid. With version 3.3, developers can also leverage the Blazor component ecosystem while keeping XAML as their primary UI technology. “Blazor has an incredible component ecosystem. XAML has a powerful layout and binding system that developers love,” said Giovanni Albani, CEO of Userware. “With 3.3, you don’t have to choose. Use XAML where it excels, drop in Blazor components where you need them. Your ViewModels and architecture stay the same.”

How It Works

Because OpenSilver rende...

Teleport tackles agentic trust with new Agentic Identity Framework

Teleport has announced the launch of its new Agentic Identity Framework that defines policies, practices, developer tools, and a reference architecture for securely deploying agents in production. According to the company, agentic AI introduces new security challenges, as agents invoke tools, access sensitive data, delegate tasks, and operate across environments at scale, all without human involvement. Teleport says current identity, access, and security models weren’t designed for non-deterministic systems, and current attempts at deploying agentic systems have led to identity fragmentation, secrets sprawl, limited visibility, and systemic risk. The Agentic Identity Framework attempts to solve these issues by establishing an identity layer that is secured cryptographically with a hardware root of trust. It enables zero trust authentication, zero standing privileges, and real-time visibility into identity behavior. “A unified identity layer is a prerequisite to deploying AI with...

Anthropic makes tools within Claude interactive

Anthropic has announced that users will now be able to directly interact with certain tools within Claude. Claude already had the ability to connect to tools and take action on a user’s behalf in those tools, so what’s new today is the ability for the user to actually go in and interact with those tools directly in the Claude window. The tools and capabilities that are now supported include:

Amplitude: Build analytics charts, explore trends, and adjust parameters
Asana: Create projects, tasks, and timelines from chats
Box: Search for files, preview documents inline, and extract insights and ask questions about content
Canva: Create presentation outlines and customize branding and designs
Clay: Research companies, find contact info, get information like company size and funding, and draft personalized outreach
Figma: Turn text and images into flow charts, Gantt charts, and other visual diagrams
Hex: Ask data questions and get answers containing interactive charts, tables, and ...

This week in AI updates: GitHub Copilot SDK, Claude’s new constitution, and more (January 23, 2026)

GitHub Copilot SDK now in technical preview

The SDK allows developers to embed agentic capabilities into their applications using the same execution loop used by the GitHub Copilot CLI. The SDK repository includes setup instructions, starter examples, and SDK references for all of the supported languages. GitHub recommends starting by defining a single task, such as updating files or running a command, and letting Copilot plan and execute steps while the application supplies domain-specific tools and constraints.

Anthropic drafts new constitution for Claude models

The constitution is Anthropic’s vision for Claude’s values and behavior. The main sections in this updated version include specifications related to helpfulness, ethics, safety, nature, and guidelines for how to handle specific issues, like medical advice or cybersecurity requests. “The constitution is a crucial part of our model training process, and its content directly shapes Claude’s behavior. Training models is a ...

New Relic adds monitoring for ChatGPT apps

New Relic customers will now be able to monitor their custom ChatGPT apps to ensure they’re delivering the intended performance, reliability, and user experience. “Bringing business services into the natural flow of a ChatGPT conversation is a powerful, intuitive, and revenue-generating strategy,” said Brian Emerson, chief product officer of New Relic. “But once your carefully crafted application instantiates inside ChatGPT, it traditionally enters a black box where standard browser monitoring tools can fail.” The company went on to explain that when an app is rendered in a conversation, developers can’t see things like layout shifts or broken buttons. Additionally, security headers, content security policies, iframe sandbox rules, and limitations on client-side storage can hide important performance and user experience data. New Relic’s answer to this problem is to send in an agent that can collect and analyze data. It can track PageViews, PageViewtimings, and AjaxRequests, provi...

Testlio launches new AI-powered QA analysis solution

Testlio has announced the release of a new AI-driven QA analysis solution called LeoInsights. The new platform is powered by the company’s intelligence layer LeoAI Engine, which was trained on 13 years of testing data, 2.6+ million test cases, and 600,000+ devices. It can provide executive summaries featuring key changes, emerging risks, and critical issues, simplifying multiple QA reports into one that can be shared with leaders. LeoInsights also offers a value calculator that quantifies efficiency gains, cost savings, and quality impact, helping QA teams better demonstrate their value to leadership. The calculator can aggregate data across workspaces, do scenario modeling with adjustable inputs, and generate PDFs that can be shared with executives for budgeting and investment discussions. The tool can also provide alerts when unusual trends and anomalies are spotted, helping QA teams discover risks that they might not have otherwise noticed. It also provides app review and senti...

Codenotary updates its free SBOM scanning tool with capabilities that better support AI apps

Codenotary is adding new capabilities to its SBOM.sh service, which provides free analysis of software bills of materials (SBOMs). According to the company, the updates were made in consideration of AI applications, and the tool now treats datasets as software supply chain artifacts. “Traditional SBOM tools were built for an earlier era – focusing primarily on source code to improve visibility into the software supply chain,” said Moshe Bar, CEO and co-founder of Codenotary. “Security teams are swimming in SBOMs, but they’re not getting the actionable clarity they need — especially as AI transforms software, with AI applications built on datasets which are entirely ignored by traditional SBOMs.” It now provides documentation of dataset sources, licensing terms, and governance controls, which helps organizations be more audit-ready. SBOM.sh also now captures lineage metadata, such as base-model origins, fine-tuning history, version identifiers, and update pathways. Additionally...